I have two related questions:
What is the best way to manage deployment of web projects between environments? I just downloaded the .NET Web Deployment Project and it seems to handle things like replacing certain sections of the web.config to match the environment, which is great. The other thing that I wanted to automate was the encryption of certain sections of the web.config. Is there any way to 'auto-encrypt' the web.config sections after a publish?
The second question is where do you store your passwords in a web.config? I want to encrypt the password but not the rest of the appSettings. Do I have to make a custom web.config configuration setting area?
Hey Joel - the web deployment project is a bit dated now - check out the MS Deploy tool instead (it will be shipping with VS2010, but it's available stand-alone now). What you're asking is probably not handled out of the box with MSDeploy (machine-specific DPAPI encryption), but since the tool is integrated with PowerShell, you can use the PowerShell v2 CTP3 remoting feature to run the script to encrypt your configs on each machine, remotely (which is the only way you can access machine-local DPAPI anyway).
This guy here does something similar:
http://forums.iis.net/p/1156413/1904975.aspx
-Oisin
We use RSA Protected Configuration to encrypt sections of our web.config manually after the webapp has been deployed to the new environment. The OS protects the keys for us. Hopefully that's helpful as you figure out how to automate your solution.
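One way to script the post-deployment step described above, as an added example that is not part of any answer on this page: it calls aspnet_regiis.exe with the RSA provider for each listed section, skips sections that are already encrypted, and fails if a section is still in clear text afterwards. The site path, the section list and the framework directory are assumptions to adjust.

```powershell
# Added example: encrypt selected web.config sections on the machine that hosts the site.
param(
    [string]$SitePath = 'C:\inetpub\wwwroot\MyApp',    # placeholder physical path
    [string[]]$Sections = @('connectionStrings'),      # section paths, e.g. 'system.web/machineKey'
    [string]$Provider = 'RsaProtectedConfigurationProvider',
    # Assumed location for 64-bit .NET 4.x; adjust for other framework versions.
    [string]$RegIis = (Join-Path $env:windir 'Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe')
)

$ErrorActionPreference = 'Stop'
if (-not (Test-Path $RegIis)) { throw "aspnet_regiis.exe not found at $RegIis" }
# Resolve-Path fails here if the site has no web.config.
$configFile = (Resolve-Path (Join-Path $SitePath 'web.config')).Path

function Test-SectionEncrypted {
    param([string]$Section)
    $xml = New-Object System.Xml.XmlDocument
    $xml.Load($configFile)
    # local-name() keeps the lookup working if <configuration> declares a default namespace.
    $steps = (@('configuration') + $Section.Split('/')) |
        ForEach-Object { "*[local-name()='$_']" }
    $node = $xml.SelectSingleNode('/' + ($steps -join '/'))
    # An encrypted section carries a configProtectionProvider attribute.
    return ($null -ne $node) -and $node.HasAttribute('configProtectionProvider')
}

foreach ($section in $Sections) {
    if (Test-SectionEncrypted $section) {
        Write-Output "[$section] already encrypted, skipping"
        continue
    }
    # -pef encrypts a section of the web.config found in the given physical directory.
    & $RegIis -pef $section $SitePath -prov $Provider
    if ($LASTEXITCODE -ne 0) { throw "aspnet_regiis exited with $LASTEXITCODE for [$section]" }
    if (-not (Test-SectionEncrypted $section)) {
        throw "[$section] is missing or still in clear text after aspnet_regiis ran"
    }
    Write-Output "[$section] encrypted with $Provider"
}
```

The default RSA key container is created per machine, so the script has to run on the server that hosts the site, for example over PowerShell remoting. The application pool identity also needs read access to that key container, which `aspnet_regiis -pa` grants.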
Now it seems support for encrypting web.config sections post-deployment has been added in version 3.5 of Web Deploy.
https://blogs.iis.net/msdeploy/archive/2013/07/09/webdeploy-3-5-rtw.aspx